Ask / Submit
3

WLAN issue 3.0.1.14

asked 2019-02-10 18:10:58 +0200

hewi gravatar image

updated 2019-02-10 18:12:00 +0200

I have the strangest issue with my XA2 since updating to the latest update and installing Android Support. I can not connect via terminal ssh nemo@IP and from the phone i can only run pkcon refresh when mobile data is on.

With only WLAN enabled i get errors when trying to update from openrepos & jolla store though i can surft the net.

Could it be that the iptables are wrong (never edited them though)

Any idea WHERE to start troubleshooting?

edit retag flag offensive close delete

1 Answer

Sort by » oldest newest most voted
0

answered 2019-02-11 10:53:24 +0200

Pasko gravatar image

Hi.

As stated in the changelog for version 3.0.1 remote access via SSH for cellular with IPV6 has been disabled. You should add the appropriate line in file:

/etc/connman/firewall.d/00-devmode-firewall.conf

, just under the line with title [cellular]

IPv4.INPUT.RULES = -p tcp -m tcp --dport 22 -j ACCEPT

Should your Operator/ISP be using IPV6 instead of IPV4, change accordingly IPV4 --> IPV6

I also wrote a small note regarding VPN's here: (https://together.jolla.com/question/197356/remote-shell-over-cellularvpn-in-sailfish-30111/)

Hope this helps. Regards.

edit flag offensive delete publish link more

Comments

1

Thanks Pasko but i think this is not my problem. I connect to my home WLAN and run ifconfig on the XA2. It clearly shows that i have obtained an IP Adress but for example can not ping 8.8.8.8. Also i can not run updates from Jolla Store / Openrepos either via GUI or shell. Furthermore Jolla store does not show me any Android Apps. I have no idea what is going on since i installed 3.01.14

hewi ( 2019-02-11 18:21:45 +0200 )edit

Hi.

Sorry, I think I got it wrong.

Could you please post here the results of executing (as root) the following command while connected to WiFi?:

iptables-save

Is should show the rules that apply while your device is connected to WiFi....

Here's what I get while on my WLAN:

    # Generated by iptables-save v1.6.1 on Mon Feb 11 19:40:02 2019
*security
:INPUT ACCEPT [166800:194693381]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [81187290:15972921901]
COMMIT
# Completed on Mon Feb 11 19:40:02 2019
# Generated by iptables-save v1.6.1 on Mon Feb 11 19:40:02 2019
*raw
:PREROUTING ACCEPT [167187:194716827]
:OUTPUT ACCEPT [81187321:15972925683]
COMMIT
# Completed on Mon Feb 11 19:40:02 2019
# Generated by iptables-save v1.6.1 on Mon Feb 11 19:40:02 2019
*nat
:PREROUTING ACCEPT [396:24686]
:INPUT ACCEPT [16:1677]
:OUTPUT ACCEPT [969:70268]
:POSTROUTING ACCEPT [646954:46957855]
COMMIT
# Completed on Mon Feb 11 19:40:02 2019
# Generated by iptables-save v1.6.1 on Mon Feb 11 19:40:02 2019
*mangle
:PREROUTING ACCEPT [167187:194716827]
:INPUT ACCEPT [167180:194714867]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [77929:11331434]
:POSTROUTING ACCEPT [103565946:38972240422]
:connman-INPUT - [0:0]
:connman-POSTROUTING - [0:0]
-A INPUT -j connman-INPUT
-A POSTROUTING -j connman-POSTROUTING
-A connman-INPUT -j CONNMARK --restore-mark --nfmask 0xffffffff --ctmask 0xffffffff
-A connman-POSTROUTING -j CONNMARK --save-mark --nfmask 0xffffffff --ctmask 0xffffffff
COMMIT
# Completed on Mon Feb 11 19:40:02 2019
# Generated by iptables-save v1.6.1 on Mon Feb 11 19:40:02 2019
*filter
:INPUT DROP [374:21174]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [49250730:9835228087]
:connman-INPUT - [0:0]
:connman-OUTPUT - [0:0]
-A INPUT -j connman-INPUT
-A OUTPUT -j connman-OUTPUT
-A connman-INPUT -i wlan0 -p tcp -m tcp --dport 22 -j ACCEPT
-A connman-INPUT -i usb0 -j ACCEPT
-A connman-INPUT -i rndis0 -j ACCEPT
-A connman-INPUT -p icmp -m icmp ! --icmp-type 8/0 -j ACCEPT
-A connman-INPUT -p dccp -m multiport --dports 1024:65535 -j ACCEPT
-A connman-INPUT -p sctp -m multiport --dports 1024:65535 -j ACCEPT
-A connman-INPUT -p tcp -m multiport --dports 1024:65535 -j ACCEPT
-A connman-INPUT -p udplite -m multiport --dports 1024:65535 -j ACCEPT
-A connman-INPUT -p udp -m multiport --dports 1024:65535 -j ACCEPT
-A connman-INPUT -p esp -j ACCEPT
-A connman-INPUT -p ah -j ACCEPT
-A connman-INPUT -i lo -j ACCEPT
-A connman-INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A connman-OUTPUT -o usb0 -j ACCEPT
-A connman-OUTPUT -o rndis0 -j ACCEPT
-A connman-OUTPUT -p icmp -m icmp ! --icmp-type 0/0 -j ACCEPT
COMMIT
# Completed on Mon Feb 11 19:40:02 2019

Regards.

Pasko ( 2019-02-11 20:43:47 +0200 )edit

OK thanks first for taking the time to figure out whats wrong here. I reaaly am thankfull!!!!

hewi ( 2019-02-12 19:38:10 +0200 )edit

:PREROUTING ACCEPT [81:105982] :INPUT ACCEPT [77:104194] :OUTPUT ACCEPT [48:3067] :POSTROUTING ACCEPT [51:3763] COMMIT

Completed on Tue Feb 12 19:34:39 2019

Generated by iptables-save v1.6.1 on Tue Feb 12 19:34:39 2019

*mangle :PREROUTING ACCEPT [542:282710] :INPUT ACCEPT [540:282074] :FORWARD ACCEPT [0:0] :OUTPUT ACCEPT [491:62335] :POSTROUTING ACCEPT [505:63698] :connman-INPUT - [0:0] :connman-POSTROUTING - [0:0] -A INPUT -j connman-INPUT -A POSTROUTING -j connman-POSTROUTING -A connman-INPUT -j CONNMARK --restore-mark --nfmask 0xffffffff --ctmask 0xffffffff -A connman-POSTROUTING -j CONNMARK --save-mark --nfmask 0xffffffff --ctmask 0xffffffff COMMIT

Completed on Tue Feb 12 19:34:39 2019

Generated by iptables-save v1.6.1 on Tue Feb 12 19:34:39 2019

*filter :INPUT DROP [2:1152] :FORWARD ACCEPT [0:0] :OUTPUT ACCEPT [1102465:618747707] :connman-INPUT - [0:0] :connman-OUTPUT - [0:0] -A INPUT -j connman-INPUT -A OUTPUT -j connman-OUTPUT -A connman-INPUT -i wlan0 -p tcp -m tcp --dport 22 -j ACCEPT -A connman-INPUT -i usb0 -j ACCEPT -A connman-INPUT -i rndis0 -j ACCEPT -A connman-INPUT -p icmp -m icmp ! --icmp-type 8/0 -j ACCEPT -A connman-INPUT -p dccp -m multiport --dports 1024:65535 -j ACCEPT -A connman-INPUT -p sctp -m multiport --dports 1024:65535 -j ACCEPT -A connman-INPUT -p tcp -m multiport --dports 1024:65535 -j ACCEPT -A connman-INPUT -p udplite -m multiport --dports 1024:65535 -j ACCEPT -A connman-INPUT -p udp -m multiport --dports 1024:65535 -j ACCEPT -A connman-INPUT -p esp -j ACCEPT -A connman-INPUT -p ah -j ACCEPT -A connman-INPUT -i lo -j ACCEPT -A connman-INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT -A connman-OUTPUT -o usb0 -j ACCEPT -A connman-OUTPUT -o rndis0 -j ACCEPT -A connman-OUTPUT -p icmp -m icmp ! --icmp-type 0/0 -j ACCEPT COMMIT

hewi ( 2019-02-12 19:40:00 +0200 )edit

and sorry i have no idea how to make the code look nice here

hewi ( 2019-02-12 19:40:42 +0200 )edit
Login/Signup to Answer

Question tools

Follow
2 followers

Stats

Asked: 2019-02-10 18:10:58 +0200

Seen: 268 times

Last updated: Feb 11